Hi Scott,
At 10:34 20-01-2012, Scott Kitterman wrote:
If this issue, AIUI, is that someone is worried that later this will be
referenced in an inappropriate way, I'm not sure what would satisfy that. I
think it's already clear.
I don't think so. One of the points mentioned by Murray [1] was:
"the concern is that doing something like this on the standards
track might lead future efforts to believe this mechanism is
sufficient for arbitrary data protection when it is not."
One of the questions asked by the Responsible AD [2] was:
"why there is any objection to doing HMAC (since it isn't hard to do)?"
The text from the DISCUSS is:
"I don't think that's ok. I think you want HMAC() and not H().
If I could supply a redactor with a zero length "private" string,
e.g. message with a header field like "To: @example.org" then the
redactor will send H(redaction-key) which can then allow (via
hash-continuation) checking if any value matches a value from an
output here.
If the alphabet for sensitive values has N characters
then I can also send "To: "+char[i]+"@example.org" for
each i and then play the continuation game on that.
Same for two character prefixes etc.
(2) I can also use this to validate guesses of the redaction
key value. I need to think about how one might avoid that
or if its possible to avoid that."
Regards,
-sm
1. http://www.ietf.org/mail-archive/web/marf/current/msg01681.html
2. http://www.ietf.org/mail-archive/web/marf/current/msg01691.html
_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
